The PowerBroker Identity Services Open (PBISO) authentication method is one of the supported solutions for performing an offline domain join.

Use the following steps to join a Linux virtual machine to Active Directory (AD) using PBISO.

Procedure

  1. Download PBISO 8.5.6 or later from its official download site.
  2. Install PBISO on your Linux virtual machine. 
    sudo ./pbis-open-8.5.6.2029.linux.x86_64.deb.sh
  3. Install Horizon Agent for Linux.
  4. Use PBISO to join the Linux virtual machine to the AD domain.
    In the following example, lxdc.vdi is the domain name and administrator is the domain user name. 
    sudo domainjoin-cli join lxdc.vdi administrator
  5. Set up the default configuration for domain users. 
    sudo /opt/pbis/bin/config UserDomainPrefix lxdc 
sudo /opt/pbis/bin/config AssumeDefaultDomain true 
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash 
sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
  6. Edit the /etc/pam.d/common-session file.
    1. Locate the line that says session sufficient pam_lsass.so.
    2. Replace that line with session [success=ok default=ignore] pam_lsass.so.
    Note: You must repeat this step after you reinstall or update the Horizon Agent for Linux.
  7. For Ubuntu 16.04, append the following lines to the /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf configuration file. 
    allow-guest=false
greeter-show-manual-login=true
    Note: If you are using Ubuntu 18.04, you do not need to modify the lightdm configuration file.
  8. Restart the Linux virtual machine and log in.

What to do next

Note:
  • If the /opt/pbis/bin/config AssumeDefaultDomain option is set to false, you must update the SSOUserFormat=<username>@<domain> setting in the /etc/vmware/viewagent-custom.conf file.
  • When using the Horizon instant-clone floating desktop pool feature, to avoid losing the DNS Server setting when the new network adapter is added to the cloned virtual machine, modify the resolv.conf file for your Linux system. Use the following example, for an Ubuntu 16.04 system, as a guide for adding the necessary lines in the /etc/resolvconf/resolv.conf.d/head file. 
    nameserver 10.10.10.10
search mydomain.org